src/tests/ro_data/signing_certs/openssl.cnf
changeset 2026 d1b30615bc99
child 2215 b4355e8c5097
child 2572 20cf41d565de
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/openssl.cnf	Mon Aug 16 16:48:50 2010 -0700
@@ -0,0 +1,169 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+#
+
+# OpenSSL configuration file for use with generate_certs.py.
+
+HOME                    = .
+RANDFILE                = $ENV::HOME/.rnd
+
+[ ca ]
+default_ca      = CA_default
+
+[ CA_default ]
+dir             = .
+crl_dir         = $dir/crl
+database        = $dir/index
+serial          = $dir/serial
+
+x509_extensions = usr_cert
+unique_subject  = no
+
+default_md      = sha256
+preserve        = no
+
+policy          = policy_match
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+####################################################################
+[ req ]
+default_bits            = 2048
+default_keyfile         = ./private/ca-key.pem
+default_md              = sha256
+
+prompt                  = no
+distinguished_name      = root_ca_distinguished_name
+
+x509_extensions = v3_ca
+string_mask = nombstr
+
+[ root_ca_distinguished_name ]
+commonName = ta1
+countryName = US
+stateOrProvinceName = California
+localityName = Menlo Park
+0.organizationName = pkg5
+emailAddress = ta1@pkg5
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = critical,CA:FALSE
+keyUsage = digitalSignature
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true
+
+[ issuer_ext ]
+
+# Used for a code signing cert with an unsupported critical extension.
+
+basicConstraints = critical,CA:FALSE
+issuerAltName = critical,issuer:copy
+
+[ issuer_ext_ca ]
+
+# Used for a CA cert with an unsupported critical extension.
+
+basicConstraints = critical,CA:TRUE
+issuerAltName = critical,issuer:copy
+
+[ crl_ext ]
+
+# Used for testing certificate revocation.
+
+basicConstraints = critical,CA:FALSE
+crlDistributionPoints = URI:http://localhost:12001/file/0/pubCA1_ta4_crl.pem
+
+[ pubCA1_ta1_crl ]
+
+# Used for testing certificate revocation.
+
+basicConstraints = critical,CA:FALSE
+crlDistributionPoints = URI:http://localhost:12001/file/0/pubCA1_ta1_crl.pem
+
+[ ch1_ta1_crl ]
+
+# Used for testing certificate revocation at the level of a chain certificate.
+
+basicConstraints = critical,CA:FALSE
+crlDistributionPoints = URI:http://localhost:12001/file/0/ch1_pubCA1_crl.pem
+
+[ crl_ca ]
+
+# Used for testing CA certificate revocation by a trust anchor.
+
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true
+crlDistributionPoints = URI:http://localhost:12001/file/0/ta5_crl.pem
+
+[ bad_crl ]
+
+# Used for testing a CRL with a bad file format.
+
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+basicConstraints = critical,CA:false
+
+crlDistributionPoints = URI:http://localhost:12001/file/0/example_file
+
+[ bad_crl_loc ]
+
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+basicConstraints = critical,CA:false
+
+crlDistributionPoints = URI:foo://bar/baz
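Review bot: `policy = policy_match` in `[ CA_default ]` names a section this file never defines; the only policy section present is `[ policy_anything ]`, so an `openssl ca` run that does not pass `-policy` on the command line would fail when it looks up the policy. If generate_certs.py (not visible here) always passes `-policy policy_anything`, the default is merely dead configuration, but changing it to `policy          = policy_anything` keeps the file self-consistent. The default `usr_cert` profile also sets no `basicConstraints` or `keyUsage`, so any certificate signed without an explicit `-extensions` section carries no CA:FALSE marker; it is worth confirming that this is intended for the fixtures rather than an omission. Finally, `[ bad_crl_loc ]` is the only test section without a purpose comment; a line such as `# Used for testing a CRL distribution point whose URI cannot be retrieved.` (presumably the intent of `foo://bar/baz`) would match its neighbours.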